diff --git a/pndp/rawsocket.go b/pndp/rawsocket.go
index 7018415..00bdb43 100644
--- a/pndp/rawsocket.go
+++ b/pndp/rawsocket.go
@@ -61,6 +61,7 @@ func listen(iface string, responder chan *ndpRequest, requestType ndpType, stopW
 }
 go func() {
 <-stopChan
+ setAllMulti(fd, iface, false)
 _ = syscall.Close(fd)
 stopWG.Done() // syscall.read does not release when the file descriptor is closed
 }()
@@ -77,6 +78,8 @@ func listen(iface string, responder chan *ndpRequest, requestType ndpType, stopW
 panic(err.Error())
 }
+ setAllMulti(fd, iface, true)
+
 var protocolNo uint32
 if requestType == ndp_SOL {
 //Neighbor Solicitation
@@ -163,3 +166,28 @@ func listen(iface string, responder chan *ndpRequest, requestType ndpType, stopW
 }
 }
 }
+
+type iflags struct {
+ name [syscall.IFNAMSIZ]byte
+ flags uint16
+}
+
+func setAllMulti(fd int, iface string, enable bool) {
+ var ifl iflags
+ copy(ifl.name[:], []byte(iface))
+ _, _, ep := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), syscall.SIOCGIFFLAGS, uintptr(unsafe.Pointer(&ifl)))
+ if ep != 0 {
+ panic(ep)
+ }
+
+ if enable {
+ ifl.flags |= uint16(syscall.IFF_ALLMULTI)
+ } else {
+ ifl.flags &^= uint16(syscall.IFF_ALLMULTI)
+ }
+
+ _, _, ep = syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), syscall.SIOCSIFFLAGS, uintptr(unsafe.Pointer(&ifl)))
+ if ep != 0 {
+ panic(ep)
+ }
+}
diff --git a/pndpd.service b/pndpd.service
index 4dab6b2..f4e1964 100644
--- a/pndpd.service
+++ b/pndpd.service
@@ -10,8 +10,8 @@ RestartSec=5s
 ExecStart=/usr/bin/pndpd config /etc/pndpd/pndpd.conf
 DynamicUser=yes
-AmbientCapabilities=CAP_NET_RAW
-CapabilityBoundingSet=
+AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN
+CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN
 ProtectHome=yes
 [Install]
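Review bot: Clearing IFF_ALLMULTI unconditionally in the stop goroutine (first hunk) does not restore the state the interface had before `listen` ran. If the flag was already set by an administrator or another program, or if a second `listen` on the same interface is still running (plausible given the `requestType` parameter, but not visible here), this call switches off multicast reception they depend on. Because `setAllMulti` panics on ioctl failure, an interface that has disappeared by shutdown also skips `syscall.Close(fd)` and `stopWG.Done()` and takes the whole process down. I would have `setAllMulti` return an error together with the previous flag state, clear the flag only when this listener set it, and log instead of panicking on the stop path; the enabling call in the second hunk needs the same error handling. `listen` starts and ends outside these hunks.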
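Review bot: `iflags` in the third hunk is 18 bytes, but SIOCGIFFLAGS and SIOCSIFFLAGS take a pointer to a full `struct ifreq` (40 bytes on 64-bit Linux), so the kernel reads past the end of `ifl` and, on the get call, copies the whole structure back over whatever sits after it in memory. Pad the struct to the kernel's size, for example by adding `_ [22]byte // pad to sizeof(struct ifreq) on 64-bit Linux` after `flags`. `copy(ifl.name[:], []byte(iface))` also silently truncates a name of IFNAMSIZ bytes or more and leaves it without a terminating NUL, so a guard such as `if len(iface) >= syscall.IFNAMSIZ` should reject it before the ioctl. A doc comment like `// setAllMulti sets or clears IFF_ALLMULTI on iface via fd; it panics if either ioctl fails.` would record the contract callers currently have to discover by reading the body.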
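Review bot: Adding CAP_NET_ADMIN to both `AmbientCapabilities` and `CapabilityBoundingSet` lets a daemon that parses packets from the link reconfigure interfaces, routes and packet filtering, and the only use visible in this commit is toggling one interface flag. If the socket in rawsocket.go is an AF_PACKET socket (not visible here), requesting all-multicast with the `PACKET_ADD_MEMBERSHIP` socket option and `PACKET_MR_ALLMULTI` should need only CAP_NET_RAW and is released by the kernel when the socket closes, which would let the unit keep its previous capability set; that is worth confirming before shipping the wider grant. If CAP_NET_ADMIN has to stay, the unit should say why, for example `# CAP_NET_ADMIN: required for SIOCSIFFLAGS (IFF_ALLMULTI) on the proxied interface` above the two changed lines.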